
BSI PD ISO/IEC TR 29156:2015 (2016 Edition)

$189.07

Information technology. Guidance for specifying performance requirements to meet security and usability needs in applications using biometrics

Published by: BSI
Publication date: 2016
Number of pages: 50

This Technical Report provides guidance on specifying performance requirements for authentication using biometric recognition in order to achieve desired levels of security and usability for the authentication mechanism.

Guidance addresses issues such as the following:

  • the biometric performance metrics that impact security and usability;

  • comparing and quantifying the security and usability of biometrics and other authentication mechanisms, when used alone or in combination;

  • how to combine performance of individual authentication elements in order to meet an overall security and usability requirement;

  • the trade-off between security and usability in applications using biometric recognition;

  • considerations in maintaining security and usability in systems incorporating biometrics.

The guidance is targeted towards applications that

  • use biometrics for the authentication of individuals, and

  • are of small to medium size (in terms of the number of enrolled individuals).

The guidance does not address the following:

  • surveillance systems;

  • systems whose primary aim is to detect and prevent attempts by individuals to create multiple enrolments under different identities;

  • systems with a large and diverse population of enrolees, which can include people with special needs;

  • other systems with a complex mix of functional, security and usability requirements.

Such large-scale applications are typically the domain of large organizations, and it is assumed that the developers of such systems will have access to appropriate biometric expertise able to provide guidance beyond the scope of this Technical Report.

This Technical Report does not address biometric modality and technology specific issues, nor does it provide quantitative biometric performance requirements that would satisfy a particular application.

PDF Catalog

PDF Pages PDF Title
7 Foreword
8 Introduction
9 1 Scope
2 Normative references
10 3 Terms and definitions
11 4 Abbreviated terms
5 Authentication factors
5.1 Overview
12 5.2 Security and usability of authentication mechanisms
13 5.3 Knowledge-based authentication (PIN, passwords)
5.3.1 General description with examples
14 5.3.2 Security considerations
15 5.3.3 Usability considerations
5.4 Possession based authentication (tokens, cards)
5.4.1 General description with examples
16 5.4.2 Security considerations
17 5.4.3 Usability considerations
5.5 Personal characteristic based authentication (biometrics)
5.5.1 General description with examples
19 5.5.2 Security considerations
20 5.5.3 Usability considerations
5.6 Multi-factor authentication
5.6.1 General
21 5.6.2 Example: token and PIN
5.6.3 Implementation options
22 5.6.4 Performance requirements for multi-factor authentication
5.7 Comparing security performance of authentication mechanisms
23 5.8 Summary comparison of authentication factors
6 Determining biometric authentication security requirements
6.1 General
6.2 Business requirements
24 6.3 Security-enhancing aspects
6.4 Suitable target figures for false acceptance rates
6.5 Other considerations in authentication security
6.6 Limits of authentication assurance
25 7 Determining biometric authentication usability requirements
7.1 General
7.2 Accessibility considerations
7.3 Throughput
26 7.4 Authentication failure rate for authorized users
27 7.5 Ease of use at point of authentication
7.6 Ease of use for enrolment
7.7 Other aspects of usability
8 Additional considerations in defining biometric security and usability requirements
8.1 Organization of requirements
28 8.2 Verification and identification modes of operation
8.3 Stages of authentication
29 8.4 Authentication assurance and standards
8.5 Application-specific performance considerations
8.5.1 Performance for business functionality
30 8.5.2 Performance for identity proofing and enrolment
31 8.5.3 Performance for identity verification
8.6 Additional security related requirements
32 8.7 Exception handling
8.8 Multi-factor authentication
8.8.1 General
8.8.2 Improved discrimination
33 8.8.3 Improvements in accessibility
8.8.4 Improvements in usability
8.8.5 Improvements in overall security
8.9 Dealing with security and usability shortfalls
34 8.10 Hypothetical example of quantitative performance requirements
35 9 Use cases
9.1 General
9.2 Time and attendance
9.3 Physical access control
36 9.4 Computer sign-on
37 9.5 Remote authentication
39 Annex A (informative) Risk assessment
48 Bibliography